IIS auth. problem with 2003 SP1

On a 2003 stand alone server I'm running Citrix webinterface on top of the
IIS.

This web interface implements it's own authentication for regular users, and
as such IIS sees user sessions as anonymous. But a subdirectory of the IIS
allows for administration of the web interface, and because of that I've set
it to require integrated authentication. To access these administration
pages I usually specify the local administrator (pretty much the only
existing user on that box).

Recently I installed SP1 + all existing security patches, and I thought that
everything was working all right. Now some weeks later I've found out that
I'm not able to login to the IIS anymore to access these administration web
pages. It simply keeps asking for a user ID and password and after 3 tries
it states that I'm not authorized to view the page, as if I had entered
incorrect credentials.
However I can login to the console. Furthermore I've checked policies (logon
locally, access via network) and I've checked ACLs on the files and folders
I'm trying to access. Everything seems to be ok, but I still can't login.

For each logon attempt the following message is written to the audit log:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 20-04-2006
Time: 13:08:35
User: NT AUTHORITY\SYSTEM
Computer: DKTSCSG01
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: administrator
Domain: DKTSCSG01
Logon Type: 3
Logon Process: ÐùX`?

Authentication Package: NTLM
Workstation Name: DKTSCSG01
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 193.x.x.x
Source Port: 11611

I'm not sure, but I'm suspecting the installation of SP1 has changed some
security setting preventing this IIS login.
Has anyone seen such a problem before or have an idea of what I could try or
check ?

I tried to enable basic authentication too, but it makes no difference.


Thanks in advance,
Jan Nielsen


.

Relevant Pages

  • Re: Integrated Authentication - one way cross forest trust
    ... You must set the permissions in IIS and on the folder you are ... > and is in the trusted domain) we are unable to get past the authentication ... this would lead me to believe it is specific to IIS. ... > Logon Failure: ...
    (microsoft.public.inetserver.iis)
  • Re: What is a local logon?
    ... and a hash of your password to IIS. ... > impression that Basic Authentication is now a network, not a local, logon. ...
    (microsoft.public.windows.server.security)
  • Re: ADAM
    ... If you need logon auditing, then ADAM can do this, although it will go into ... Security log, not IIS log. ... >>You can not use ADAM for IIS authentication, ...
    (microsoft.public.windows.server.active_directory)
  • Re: IIS auth. problem with 2003 SP1
    ... This web interface implements it's own authentication for regular users, ... administration pages I usually specify the local administrator (pretty ... (logon locally, access via network) ... Caller User Name: - ...
    (microsoft.public.inetserver.iis.security)
  • Re: 401 error requires browser restart for unrestricted pages
    ... This is a 401.1 problem (failure to logon network user), ... request, and we can see IIS's response, and together with IIS configuration, ... Anonymous username/password is out of sync between IIS and Windows SAM ... Since you have other authentication enabled, ...
    (microsoft.public.inetserver.iis.security)